In the field of Internet e-commerce payments, there is a desire to provide PIN debit payment functions rather than the more typical credit card payments. Merchants prefer PIN debit transactions over credit transactions because they enjoy substantial cost savings in the fees charged by the processing companies. For example, on a $100 purchase, a merchant may need to pay a 2% interchange fee ($2.00) for a credit transaction while a PIN debit transaction for the same purchase may require a flat fee of $0.50. Therefore, brick and mortar merchants often attempt to steer consumers toward paying with a debit card/PIN transaction. Research suggests that consumers have little preference between paying with credit versus PIN debit.
However, PIN debit transactions have typically only been available via brick and mortar retail locations that use an expensive certified PIN entry device (PED) PIN pad and/or a magnetic stripe card reader device. The high cost of these secure PIN pads and card readers has prevented these devices from being more widely adopted. Therefore, there is a need for a secure, low cost PIN data entry system.
Prior attempts to solve this problem in the form of a purely software system have had significant limitations. Such systems require the user to manually enter both account numbers and PIN data into a computer system, which renders them susceptible to the interception of private data by malicious software such as keystroke loggers or other security weaknesses within the computer system. Furthermore, there is an increased risk that a hacker could steal both the account data and PIN data because both are simultaneously located in the computer system's memory during the transaction.